Secure your dependencies. Ship with confidence.

This file contains a deliberate reverse shell backdoor that executes automatically when the module is loaded and connects to a hard-coded ngrok address. It is malicious and poses a severe security risk. Do not use this package; remove it from any systems where it was installed and perform incident response on hosts that executed it (rotate credentials, audit for persistence, inspect network logs).

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 8 hours and 38 minutes before removal. Socket users were protected even while the package was live.

Hardcoded OpenAI API key exposed in source code (sk-proj-MsUkxNYAeWY5UogJ3v8CT3BlbkFJdoLGQKm9GCVjYCzFY0C9) with API calls redirected to suspicious non-official endpoint (http://e78e9fddbd7d736f363e6314d1b70180[.]api-forwards[.]com/v1) instead of the legitimate OpenAI API. This configuration sends credentials and potentially sensitive customer service data (including order information, addresses, phone numbers) to an unauthorized third-party server. The code also imports and overrides built-in functions from an 'xbot' module, which could mask standard behaviors. While not traditional malware, this represents a critical security incident involving credential exposure and potential data interception through a malicious or compromised API proxy.

The code implements a permissive VFS API with endpoints that allow arbitrary file reads/writes, streaming uploads, and remote shell command execution. This is inherently high-risk for supply chain or runtime security: potential backdoors, data leakage, remote code execution, and unauthorized access. Absent strong authentication, input sanitization, and strict access controls, this module should be considered dangerous and unsuitable for deployment in untrusted environments. Recommended mitigations include: add robust authentication/authorization checks, implement strict path normalization and sandboxing for shell commands, limit /exec to tightly-scoped commands, audit all filesystem operations, and consider removing or disabled endpoints that allow arbitrary writes or command execution in public deployments.

This assembly is a strongly-suspicious, heavily-obfuscated loader/launcher. It reads encrypted embedded resources or local files, decrypts them with a hard-coded AES key/IV, and uses low-level native APIs and Marshal operations to allocate memory, write payload bytes, change memory protections and execute code (or inject into other processes). It also performs tamper/environment checks. These are classic indicators of a malicious in-memory loader or process-injection component. The package should be treated as malicious or at minimum extremely high-risk and removed from trusted builds until fully audited in a controlled analysis environment.

This is malicious code that performs unauthorized data exfiltration by sending video URLs to external servers, manipulates DOM content without consent, and disrupts normal website functionality. It represents a clear supply chain attack disguised as a legitimate HTTP library.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

This package contains clearly malicious/unwanted behavior: a timed code path that shows an alert with a hardcoded political message and opens external links (including a Tor .onion URL and a change.org petition). That behavior is unrelated to the stated purpose (tournament UI) and should be considered a malicious or backdoor insertion. Do not use this package in production; treat it as compromised and remove/replace it. Investigate your dependency source (npm package, repository) and roll back to a known-good version or restore from trusted source.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

High confidence that this assembly is maliciously tampered: a module static constructor performs a silent download-and-execute from a hardcoded GitHub URL via PowerShell on assembly load. This is a remote code execution/backdoor behavior and constitutes a supply-chain compromise. Do not use this binary. Obtain a clean, verified build from upstream, verify checksums/signatures, and investigate the distribution channel. If this assembly was deployed, treat affected hosts as compromised and perform incident response.

The code exhibits clear signs of malicious behavior by sending sensitive system information and project configuration data over the network without user consent. This poses a significant security risk.

Live on npm for 7 hours and 4 minutes before removal. Socket users were protected even while the package was live.

This file implements a high-impact automatic updater that, when enabled by a filesystem flag, will fetch PyPI metadata and, if a newer version exists, automatically install the 'simo' package and run multiple privileged/damaging maintenance commands (migrations, collectstatic, redis-cli flushall, supervisor restart). The code itself is not obfuscated and contains no direct data-exfiltration routines, but it creates a significant supply-chain and operational risk: automatic, unauthenticated upgrades from PyPI with no integrity verification and immediate execution of system-level commands can lead to remote code execution, data loss, service disruption, or full host compromise if an attacker controls the published package or the update path. Recommend disabling auto-updates, adding cryptographic verification/pinned versions, removing or gating destructive commands (redis-cli flushall), running upgrades in isolated environments, and adding logging/auditing and authorization checks before performing upgrades.

TThe component silently acquires webcam access on mount and periodically captures frames without user interaction, uploading images to http://localhost:8000/image/upload-image. The lack of UI, consent, or controls makes this behavior privacy-invasive and consistent with spyware patterns. Although the endpoint is localhost (reducing external exfiltration risk), repeated background capture and transmission remain high-risk. Additional issues include missing interval cleanup and inefficient resource usage.

This module exhibits multiple strong indicators of malicious behavior: heavy obfuscation, embedded encrypted payloads with hardcoded AES key/IV, RSA/Hash verification logic, runtime decryption of resources, use of kernel32 native APIs (VirtualAlloc/WriteProcessMemory/VirtualProtect/OpenProcess/LoadLibrary/GetProcAddress) via delegates, writing/executing memory and dynamic method trampolines. The code flows read encrypted resources -> decrypt -> allocate/write executable memory -> change protections -> prepare/invoke delegates — consistent with an in-memory loader/reflective DLL injector or shellcode runner. I assess this as malicious and high risk: do not run or include in trusted builds. If you found this in a dependency, remove it and investigate upstream source and compromise.

The second command attempts to create a reverse shell to the remote server '134.209.187.152' on port '82', which could allow an attacker to execute arbitrary code on the system. This behavior is highly suspicious and should not be used.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This file implements a remote code-loading backdoor. It builds two HTTPS endpoints: • https://www[.]jsonkeeper[.]com/b/ELROA • https://json-project-opal[.]vercel[.]app/apikey/ZIOBBPJ577T22HML It performs axios.get() on each URL and, if the JSON response contains a `model` field, immediately executes it via: new Function('require', response.data.model)(require) Because `require` is passed in, the remote payload can import any Node core or installed module (fs, child_process, net, etc.) and perform arbitrary actions. There is no integrity check, cryptographic signature, sandboxing, or allowlisting. A hardcoded API key and obfuscated domain assembly further indicate malicious intent. This constitutes a high-severity backdoor/malware threat in the supply chain.

This Ruby script gathers sensitive host data (username via ENV or `whoami`, hostname via Socket.gethostname, and its own file path), hex-encodes each piece, and embeds them into a dynamically constructed subdomain under furb[.]pw (e.g. a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw). It then issues an HTTPS GET request to that domain via Net::HTTP, effectively exfiltrating system identifiers to an attacker-controlled endpoint. The use of an inverted `unless __FILE__ == $0` guard causes the code to run when the file is loaded as a library, making it a stealthy supply-chain backdoor with no user consent or visible functionality.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code itself is not overtly malicious, but it intentionally executes user-provided modules and functions without sandboxing or sanitization. That design permits arbitrary code execution (via dynamic import and macro invocation) and could lead to data access, exfiltration, or XSS depending on how macros and returned HTML are used. Treat any macro files or markdown containing macros as fully trusted code. If untrusted macro files or user-supplied markdown are allowed, this is a serious supply-chain/security risk.

Live on npm for 4 hours and 19 minutes before removal. Socket users were protected even while the package was live.

High-risk elements: the postinstall script executes local code at install time and must be audited (lib/post_install.js). The presence of the same package (react) in multiple dependency sections triggers the critical rule and raises a high malware-suspicion flag. There are no non-registry dependency URLs or insecure http dependencies. Recommended actions: inspect lib/post_install.js source before installation, verify why react is declared in both devDependencies and peerDependencies (ensure it is not a disguised attack to coerce a source), and generally audit other included build scripts and files for any code that could exfiltrate data, install hooks, or spawn shells.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on PyPI for 5 days, 4 hours and 31 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate sensitive system information to an external domain using DNS queries, which is a clear indication of malicious intent. The use of encoding and DNS queries suggests an attempt to hide this activity.

Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.

This file contains a deliberate reverse shell backdoor that executes automatically when the module is loaded and connects to a hard-coded ngrok address. It is malicious and poses a severe security risk. Do not use this package; remove it from any systems where it was installed and perform incident response on hosts that executed it (rotate credentials, audit for persistence, inspect network logs).

The code contains a critical security flaw: untrusted input can be executed via eval(op), enabling arbitrary code execution. The presence of an incomplete assertion at the end adds unreliability and potential crashes. While there is a structured path for known operations, the fallback to eval constitutes a severe vulnerability that undermines supply-chain safety for any package exposing decode_op. Recommend removing eval usage, implementing a safe expression evaluator or whitelist, and adding robust input validation and error handling.

This code is highly suspicious and should not be used without further investigation. The code is heavily obfuscated and could potentially contain malicious code. The purpose of the code is unclear and further investigation is necessary to determine its exact behavior.

Live on npm for 8 hours and 38 minutes before removal. Socket users were protected even while the package was live.

Hardcoded OpenAI API key exposed in source code (sk-proj-MsUkxNYAeWY5UogJ3v8CT3BlbkFJdoLGQKm9GCVjYCzFY0C9) with API calls redirected to suspicious non-official endpoint (http://e78e9fddbd7d736f363e6314d1b70180[.]api-forwards[.]com/v1) instead of the legitimate OpenAI API. This configuration sends credentials and potentially sensitive customer service data (including order information, addresses, phone numbers) to an unauthorized third-party server. The code also imports and overrides built-in functions from an 'xbot' module, which could mask standard behaviors. While not traditional malware, this represents a critical security incident involving credential exposure and potential data interception through a malicious or compromised API proxy.

The code implements a permissive VFS API with endpoints that allow arbitrary file reads/writes, streaming uploads, and remote shell command execution. This is inherently high-risk for supply chain or runtime security: potential backdoors, data leakage, remote code execution, and unauthorized access. Absent strong authentication, input sanitization, and strict access controls, this module should be considered dangerous and unsuitable for deployment in untrusted environments. Recommended mitigations include: add robust authentication/authorization checks, implement strict path normalization and sandboxing for shell commands, limit /exec to tightly-scoped commands, audit all filesystem operations, and consider removing or disabled endpoints that allow arbitrary writes or command execution in public deployments.

This assembly is a strongly-suspicious, heavily-obfuscated loader/launcher. It reads encrypted embedded resources or local files, decrypts them with a hard-coded AES key/IV, and uses low-level native APIs and Marshal operations to allocate memory, write payload bytes, change memory protections and execute code (or inject into other processes). It also performs tamper/environment checks. These are classic indicators of a malicious in-memory loader or process-injection component. The package should be treated as malicious or at minimum extremely high-risk and removed from trusted builds until fully audited in a controlled analysis environment.

This is malicious code that performs unauthorized data exfiltration by sending video URLs to external servers, manipulates DOM content without consent, and disrupts normal website functionality. It represents a clear supply chain attack disguised as a legitimate HTTP library.

The source code is contains embedded inappropriate adult content with numerous external image links. It is not valid or functional software code. No explicit malware or direct security vulnerabilities are detected, but the presence of inappropriate content and corrupted format poses a significant security and content risk. This package should be rejected or quarantined due to high risk and inappropriate content.

This package contains clearly malicious/unwanted behavior: a timed code path that shows an alert with a hardcoded political message and opens external links (including a Tor .onion URL and a change.org petition). That behavior is unrelated to the stated purpose (tournament UI) and should be considered a malicious or backdoor insertion. Do not use this package in production; treat it as compromised and remove/replace it. Investigate your dependency source (npm package, repository) and roll back to a known-good version or restore from trusted source.

The code sends sensitive credentials from environment variables over an unencrypted HTTP connection to an external API service at api[.]sqhyw[.]net:90. It authenticates using username/password from the YEZI_USER environment variable, retrieves access tokens, and automates the process of obtaining mobile phone numbers and SMS verification codes. This behavior poses significant supply chain security risks through: (1) leakage of environment variable credentials over unencrypted HTTP, (2) interaction with a suspicious external domain on a non-standard port, (3) logging of potentially sensitive API responses including tokens and SMS codes, and (4) facilitation of SMS verification bypass which could enable fraudulent account creation or spam activities. The code continuously polls the external API for up to 120 seconds to retrieve SMS codes, creating additional operational risks. While not containing traditional malware payloads, the credential exfiltration and suspicious external communication patterns justify classification as malware due to the significant security risks posed to systems that deploy this code.

High confidence that this assembly is maliciously tampered: a module static constructor performs a silent download-and-execute from a hardcoded GitHub URL via PowerShell on assembly load. This is a remote code execution/backdoor behavior and constitutes a supply-chain compromise. Do not use this binary. Obtain a clean, verified build from upstream, verify checksums/signatures, and investigate the distribution channel. If this assembly was deployed, treat affected hosts as compromised and perform incident response.

The code exhibits clear signs of malicious behavior by sending sensitive system information and project configuration data over the network without user consent. This poses a significant security risk.

Live on npm for 7 hours and 4 minutes before removal. Socket users were protected even while the package was live.

This file implements a high-impact automatic updater that, when enabled by a filesystem flag, will fetch PyPI metadata and, if a newer version exists, automatically install the 'simo' package and run multiple privileged/damaging maintenance commands (migrations, collectstatic, redis-cli flushall, supervisor restart). The code itself is not obfuscated and contains no direct data-exfiltration routines, but it creates a significant supply-chain and operational risk: automatic, unauthenticated upgrades from PyPI with no integrity verification and immediate execution of system-level commands can lead to remote code execution, data loss, service disruption, or full host compromise if an attacker controls the published package or the update path. Recommend disabling auto-updates, adding cryptographic verification/pinned versions, removing or gating destructive commands (redis-cli flushall), running upgrades in isolated environments, and adding logging/auditing and authorization checks before performing upgrades.

TThe component silently acquires webcam access on mount and periodically captures frames without user interaction, uploading images to http://localhost:8000/image/upload-image. The lack of UI, consent, or controls makes this behavior privacy-invasive and consistent with spyware patterns. Although the endpoint is localhost (reducing external exfiltration risk), repeated background capture and transmission remain high-risk. Additional issues include missing interval cleanup and inefficient resource usage.

This module exhibits multiple strong indicators of malicious behavior: heavy obfuscation, embedded encrypted payloads with hardcoded AES key/IV, RSA/Hash verification logic, runtime decryption of resources, use of kernel32 native APIs (VirtualAlloc/WriteProcessMemory/VirtualProtect/OpenProcess/LoadLibrary/GetProcAddress) via delegates, writing/executing memory and dynamic method trampolines. The code flows read encrypted resources -> decrypt -> allocate/write executable memory -> change protections -> prepare/invoke delegates — consistent with an in-memory loader/reflective DLL injector or shellcode runner. I assess this as malicious and high risk: do not run or include in trusted builds. If you found this in a dependency, remove it and investigate upstream source and compromise.

The second command attempts to create a reverse shell to the remote server '134.209.187.152' on port '82', which could allow an attacker to execute arbitrary code on the system. This behavior is highly suspicious and should not be used.

Live on npm for 6 minutes before removal. Socket users were protected even while the package was live.

This file implements a remote code-loading backdoor. It builds two HTTPS endpoints: • https://www[.]jsonkeeper[.]com/b/ELROA • https://json-project-opal[.]vercel[.]app/apikey/ZIOBBPJ577T22HML It performs axios.get() on each URL and, if the JSON response contains a `model` field, immediately executes it via: new Function('require', response.data.model)(require) Because `require` is passed in, the remote payload can import any Node core or installed module (fs, child_process, net, etc.) and perform arbitrary actions. There is no integrity check, cryptographic signature, sandboxing, or allowlisting. A hardcoded API key and obfuscated domain assembly further indicate malicious intent. This constitutes a high-severity backdoor/malware threat in the supply chain.

This Ruby script gathers sensitive host data (username via ENV or `whoami`, hostname via Socket.gethostname, and its own file path), hex-encodes each piece, and embeds them into a dynamically constructed subdomain under furb[.]pw (e.g. a<username_hex>.a<hostname_hex>.a<filepath_hex>.furb[.]pw). It then issues an HTTPS GET request to that domain via Net::HTTP, effectively exfiltrating system identifiers to an attacker-controlled endpoint. The use of an inverted `unless __FILE__ == $0` guard causes the code to run when the file is loaded as a library, making it a stealthy supply-chain backdoor with no user consent or visible functionality.

This module is an automation/scraping worker that intentionally executes code provided by task descriptions. That design requires trusting the task source. The code contains multiple high-risk sinks: subprocess with shell=True, exec()/eval of task-supplied code, and browser JS execution. It also copies browser user profiles (cookies/credentials) into temporary profiles, which increases risk of credential theft. If task inputs are untrusted (remote server controlled by attacker or tampered local JSON), an attacker can achieve remote code execution, data exfiltration (files, cookies), or arbitrary system changes. Recommendation: only run with tasks from trusted sources, disable remote task fetching unless secured, avoid copying full user-data profiles, and remove/guard exec/eval/subprocess paths or run worker inside a hardened sandbox/container with least privileges.

The code itself is not overtly malicious, but it intentionally executes user-provided modules and functions without sandboxing or sanitization. That design permits arbitrary code execution (via dynamic import and macro invocation) and could lead to data access, exfiltration, or XSS depending on how macros and returned HTML are used. Treat any macro files or markdown containing macros as fully trusted code. If untrusted macro files or user-supplied markdown are allowed, this is a serious supply-chain/security risk.

Live on npm for 4 hours and 19 minutes before removal. Socket users were protected even while the package was live.

High-risk elements: the postinstall script executes local code at install time and must be audited (lib/post_install.js). The presence of the same package (react) in multiple dependency sections triggers the critical rule and raises a high malware-suspicion flag. There are no non-registry dependency URLs or insecure http dependencies. Recommended actions: inspect lib/post_install.js source before installation, verify why react is declared in both devDependencies and peerDependencies (ensure it is not a disguised attack to coerce a source), and generally audit other included build scripts and files for any code that could exfiltrate data, install hooks, or spawn shells.

This module zips a local directory and uploads it to a specific S3 bucket. The code contains hardcoded AWS credentials and a hardcoded bucket name, which is a severe security issue and could enable data exfiltration if these credentials are valid. There are additional problems: a likely return-value bug (undefined variable s3_ke), possible insufficient path-safety around symlinks, and verbose logging of paths. There is no evidence of obfuscation or active payloads like reverse shells or eval-based code execution. Treat this package as high-risk until credentials are removed/rotated and the code is corrected and reviewed.

Live on PyPI for 5 days, 4 hours and 31 minutes before removal. Socket users were protected even while the package was live.

The code is designed to exfiltrate sensitive system information to an external domain using DNS queries, which is a clear indication of malicious intent. The use of encoding and DNS queries suggests an attempt to hide this activity.

Live on npm for 40 minutes before removal. Socket users were protected even while the package was live.